cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1379,https://securityvulnerability.io/vulnerability/CVE-2021-1379,Unauthenticated Remote Code Execution and Denial of Service Vulnerabilities in Cisco IP Phones,"Vulnerabilities exist in the Cisco Discovery Protocol and Link Layer Discovery Protocol implementations within Cisco IP Phone Series 68xx/78xx/88xx models. These vulnerabilities stem from inadequate security checks when processing incoming Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker to potentially execute arbitrary code remotely or cause unintended reboots of the affected devices. Exploitation requires the attacker to be on the same broadcast domain, highlighting the importance of securing network segments to mitigate such risks. Cisco has made software updates available to resolve these vulnerabilities, with no effective workarounds identified.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software,Cisco Small Business Ip Phones",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:42:00.388Z,0
CVE-2024-20376,https://securityvulnerability.io/vulnerability/CVE-2024-20376,Cisco IP Phone Firmware Vulnerability Could Lead to DoS Condition,"A vulnerability has been identified in the web-based management interface of Cisco IP Phone firmware that exposes devices to potential denial of service attacks. Due to inadequate validation of user-supplied input, an unauthenticated remote attacker may craft a malicious request targeting the interface of the affected devices. If successfully executed, the attack could lead to the affected device reloading, consequently disrupting service and impacting availability. The issue underscores the necessity for robust input validation mechanisms within management interfaces to prevent unauthorized disruptions.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:43:15.553Z,0
CVE-2024-20378,https://securityvulnerability.io/vulnerability/CVE-2024-20378,Unauthorized Access to Sensitive Information in Cisco IP Phone Firmware,"A security flaw exists in the web-based management interface of Cisco IP Phone firmware that could enable remote attackers to gain unauthorized access to sensitive information stored on affected devices. The issue stems from inadequate authentication controls for specific endpoints, allowing attackers to connect without prior credentials. Once exploited, this vulnerability permits attackers to capture user credentials and intercept traffic, including VoIP calls, leading to potential replay attacks and data breaches. Organizations utilizing Cisco IP Phones should prioritize applying security patches and implementing additional security measures to mitigate risks associated with this vulnerability.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:41:52.385Z,0
CVE-2024-20357,https://securityvulnerability.io/vulnerability/CVE-2024-20357,Unauthenticated Remote Attacker Could Initiate Calls on Affected Devices via XML Service Vulnerability,"A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:36:53.907Z,0
CVE-2023-20265,https://securityvulnerability.io/vulnerability/CVE-2023-20265,Stored Cross-Site Scripting Vulnerability in Cisco IP Phones Management Interface,"A vulnerability exists in the web-based management interface of specific Cisco IP Phones that may allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. This issue stems from inadequate validation of user-supplied input, enabling an attacker to manipulate content in such a way that malicious HTML or script code gets executed when a user interacts with the affected interface. Successful exploitation could have significant repercussions, possibly leading to unauthorized access to sensitive browser-based information. To execute this attack, the assailant must possess valid access credentials for the management interface.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software",5.5,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-08-29T21:15:04.000Z,,false,false,,2023-11-21T19:15:00.000Z,0
CVE-2023-20221,https://securityvulnerability.io/vulnerability/CVE-2023-20221,Cross-Site Request Forgery in Cisco IP Phone Series Management Interface,"A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware allows an unauthenticated, remote attacker to execute cross-site request forgery (CSRF) attacks. This issue arises from insufficient CSRF protections within the interface. An attacker could exploit this vulnerability by tricking an authenticated user into clicking a specially crafted link, potentially leading to unauthorized actions such as a factory reset of the device. Such an exploit could cause a Denial of Service (DoS) condition, disrupting normal operations.",Cisco,"Cisco IP Phones with Multiplatform Firmware,Cisco PhoneOS",6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20079,https://securityvulnerability.io/vulnerability/CVE-2023-20079,"Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities","Multiple vulnerabilities exist within the web-based management interface of various Cisco IP Phones, enabling unauthenticated remote attackers to execute arbitrary code or trigger a denial of service (DoS) situation. These threats pose significant risks to the security and functioning of the devices. It is crucial for organizations to identify and remediate these vulnerabilities to protect their communication infrastructure.",Cisco,Cisco Ip Phones With Multiplatform Firmware,9.8,CRITICAL,0.0018899999558925629,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2023-20078,https://securityvulnerability.io/vulnerability/CVE-2023-20078,"Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities","Certain Cisco IP Phones are susceptible to multiple vulnerabilities within their web-based management interface. An unauthenticated remote attacker could leverage these weaknesses to execute arbitrary code, potentially resulting in compromised devices and disrupted operations. Additionally, these vulnerabilities could lead to a denial of service (DoS) condition, affecting the availability and functionality of the phones. It is essential for users to address these vulnerabilities promptly by consulting Cisco's advisory for detailed remediation steps.",Cisco,Cisco Ip Phones With Multiplatform Firmware,9.8,CRITICAL,0.003120000008493662,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2022-20817,https://securityvulnerability.io/vulnerability/CVE-2022-20817,Cisco IP Phone Duplicate Key Vulnerability,"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",Cisco,Cisco Ip Phones With Multiplatform Firmware,7.4,HIGH,0.0019000000320374966,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-06-15T00:00:00.000Z,0
CVE-2022-20774,https://securityvulnerability.io/vulnerability/CVE-2022-20774,"Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability","A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.",Cisco,Cisco Ip Phone 7800 Series With Multiplatform Firmware,6.8,MEDIUM,0.0007800000021234155,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-06T00:00:00.000Z,0
CVE-2021-34711,https://securityvulnerability.io/vulnerability/CVE-2021-34711,Cisco IP Phone Software Arbitrary File Read Vulnerability,"A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.",Cisco,Cisco Ip Phones With Multiplatform Firmware,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2020-3574,https://securityvulnerability.io/vulnerability/CVE-2020-3574,Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability,"A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.",Cisco,Cisco Ip Phones With Multiplatform Firmware,7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:46.000Z,,false,false,,2020-11-06T19:15:00.000Z,0
CVE-2019-16008,https://securityvulnerability.io/vulnerability/CVE-2019-16008,"Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability","A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Ip Phone 7800 Series With Multiplatform Firmware,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-01-26T05:15:00.000Z,0